BoringSSL, an OpenSSL Fork for Google Products

Change prompted by large set of patches for Chrome and Android

Google started working on their own version of cryptographic library, dubbed BoringSSL, that relies on OpenSSL code but seeks to be more appropriate for their products.

In order to adapt the cryptographic functions of the library to their solutions, Google uses a number of patches on top of OpenSSL; but maintaining them across multiple code bases has become more difficult, to the point that it is more feasible to add modifications from the main code into a forked version rather than keeping OpenSSL and building on top of it.

Google employee and cryptography engineer Adam Langley explains in a blog post that, at the moment, there are over 70 patches added into the OpenSSL used for Google products and that “some of them have been accepted into the main OpenSSL repository, but many of them don’t mesh with OpenSSL’s guarantee of API and ABI stability and many of them are a little too experimental.”

The first signs of BoringSSL will become available in the Chromium repository, and the plan is for it to be used in Android as well.

Langley said that the purpose of BoringSSL is not to replace OpenSSL as an open source project, as Google will continue to add input to the main code as well as fund the Core Infrastructure Initiative and the OpenBSD Foundation, which supports development of LibreSSL fork of the OpenSSL.